Friday, April 7, 2023

Researchers Discover a Vibrant Market for Phishing Kits on Telegram Channels

Image credits: The Hacker News

Researchers have discovered that threat actors are using the messaging app to sell phishing kits and to help set up phishing campaigns, a further indication that Telegram is rapidly developing into a thriving hub for cybercrime.


According to a report this week by Kaspersky online content analyst Olga Svistunova, "phishers construct Telegram groups via which they teach their audience about phishing and amuse users with polls like, 'What type of personal data do you prefer?'"

Links to these Telegram channels are disseminated through GitHub, YouTube, and the phishing kits created by the criminals themselves. According to the Russian cybersecurity company, approximately 2.5 million malicious URLs created with phishing kits were found in the last six months.

One notable service on offer is Telegram bots that let threat actors automate the creation of phishing pages and the gathering of user data.

Although it is the scammer's job to send the fake login pages to targets of interest, the credentials captured on those pages are sent back via another Telegram bot.

Other bot services go a step further by offering tools to construct phishing pages that look like real services and are then used to mislead potential victims under the guise of providing free likes on social media services.

"Scammer-operated Telegram channels occasionally post what appear to be exceptionally generous offers, such as zipped up sets of ready-to-use phishing kits targeting a large number of global and local brands," Svistunova explained.

In certain situations, phishers have been observed freely sharing users' personal information with other subscribers in the hopes of luring aspiring criminals, only to sell paid kits to those who seek to carry out further such attacks. The scammers also offer to teach people "how to phish for serious money."

Scammers use free offers to deceive cash-strapped and inexperienced criminals into using their phishing kits, resulting in double theft: the stolen data is also sent to the kit's originator without the user's awareness.

Paid services, on the other hand, include complex kits with appealing designs and capabilities such as anti-bot detection, URL encryption, and geoblocking, which threat actors can use to run more sophisticated social engineering operations. These pages range in price from $10 to $280.

Another paid category is the sale of personal data, with bank account credentials posted at varied rates depending on the balance. For example, an account with a $49,000 balance was shown for $700.

Furthermore, phishing services are advertised via Telegram on a subscription basis (i.e., phishing-as-a-service or PhaaS), with developers renting the kits for a monthly price in exchange for continuous updates.

A one-time password (OTP) bot, which calls users and gets them to enter the two-factor authentication code on their phones to help bypass account security, is also sold as a subscription.

It is relatively simple to set up these services. What is more difficult is gaining the customers' trust and loyalty. Other companies go out of their way to ensure that all information is encrypted so that it cannot be accessed by third parties, or even by themselves.

The findings follow an earlier January caution from Cofense, which found an 800% surge in the use of Telegram bots as exfiltration destinations for phished information.
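A defender can hunt for this exfiltration channel in egress data. The following is an added example, not code from the article, Kaspersky, or Cofense: it flags hosts whose outbound requests call Telegram Bot API send methods, using the public `https://api.telegram.org/bot<token>/<method>` URL shape. The log format, host names, bot IDs, and tokens are constructed for illustration, and it assumes the log source records full URLs (for example, a TLS-inspecting proxy).

```python
import re
from collections import defaultdict

# Bot API calls have the form api.telegram.org/bot<numeric id>:<secret>/<method>
BOT_CALL = re.compile(
    r"api\.telegram\.org/bot(?P<bot_id>\d{6,12}):(?P<secret>[A-Za-z0-9_-]{30,})"
    r"/(?P<method>[A-Za-z]+)",
    re.IGNORECASE,
)
# Methods that push data out to a chat; polling calls such as getUpdates are ignored
SEND_METHODS = {"sendmessage", "senddocument", "sendphoto"}

# Constructed sample log: "<timestamp> <source-host> <http-method> <url>"
FAKE_A = "AAEXAMPLEexampleEXAMPLEexampleEXAMP"  # constructed, not a real token
FAKE_B = "BBEXAMPLEexampleEXAMPLEexampleEXAMP"  # constructed, not a real token
SAMPLE_LOG = f"""\
2023-04-07T10:01:12Z web-01 POST https://api.telegram.org/bot1000000001:{FAKE_A}/sendMessage
2023-04-07T10:03:40Z web-01 POST https://api.telegram.org/bot1000000001:{FAKE_A}/sendMessage
2023-04-07T10:04:02Z web-02 GET https://example.com/index.html
2023-04-07T10:05:19Z web-03 GET https://api.telegram.org/bot1000000002:{FAKE_B}/getUpdates
2023-04-07T10:06:55Z web-02 POST https://api.telegram.org/bot1000000001:{FAKE_A}/sendDocument
"""


def find_bot_exfil(log_text):
    """Return {source_host: {bot_id: count}} for outbound Bot API send calls."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # skip malformed lines
        _, host, _, url = parts
        match = BOT_CALL.search(url)
        if match and match.group("method").lower() in SEND_METHODS:
            hits[host][match.group("bot_id")] += 1
    return {host: dict(bots) for host, bots in hits.items()}


def redact(url):
    """Mask the token secret so an alert can be shared without a usable token."""
    return BOT_CALL.sub(
        lambda m: f"api.telegram.org/bot{m.group('bot_id')}:<redacted>/{m.group('method')}",
        url,
    )


if __name__ == "__main__":
    for host, bots in find_bot_exfil(SAMPLE_LOG).items():
        print(host, bots)
```

Grouping by bot ID shows when several hosts report to the same bot, which helps scope a compromise. Where only the destination host name is visible, a web server connecting to api.telegram.org at all is the weaker signal to alert on.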

"Wannabe phishers used to have to find their way onto the dark web, study the forums, and do other things to get started," Svistunova explained. "The barrier to joining the phisher community was lowered when malicious actors migrated to Telegram and now share insights and knowledge, often for free, directly in the popular messaging service."
